If we take into account that XSS is the most widespread Web problem according to both Positive Technologies and international WASC statistics, the existence of such mechanisms in browsers is a useful initiative. I think Avir/HIPS developers should also care about this area.
Below is a condensed summary of the filter's efficiency against different attack vectors:
| Attack vector | Blocked by filter |
| --- | --- |
| Stored version | No |
| DOM-Based | Partly |
| Reflected version | |
| In tag | No |
| In JavaScript | No |
| In HTML | Yes |
| In tag parameter | Yes |
It is funny that a different vulnerability (HTTP Response Splitting) was detected that allows attackers to disable the XSS protection. I hope the problem will be solved in the release version.
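The following is an added example, not code from the original post. It shows why a response-splitting flaw undermines the filter, and the server-side check that closes it. It assumes the filter is the one a page opts out of with the `X-XSS-Protection` response header; the function names, the `lang` parameter and the sample value are hypothetical.

```python
import re

# CR, LF or NUL inside a value ends the header line early, so request data
# containing them can append headers of its own (HTTP Response Splitting).
_BREAKS = re.compile(r"[\r\n\x00]")

def build_unsafe(lang: str) -> str:
    """The flawed pattern: request data copied into a header verbatim."""
    return f"HTTP/1.1 302 Found\r\nLocation: /home?lang={lang}\r\n\r\n"

def build_safe(lang: str) -> str:
    """Hardened form: refuse any value that could start a new header line."""
    if _BREAKS.search(lang):
        raise ValueError("line break in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: /home?lang={lang}\r\n\r\n"

def header_names(raw: str) -> list:
    """Header names a client would parse from the first response in raw."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0].strip().lower()
            for line in head.split("\r\n")[1:] if ":" in line]

def unexpected_headers(raw: str, allowed: set) -> list:
    """Detection check for tests or a proxy: headers the app never sets."""
    return [h for h in header_names(raw) if h not in allowed]

# Constructed sample input: a parameter value carrying a line break followed
# by the header that switches the browser filter off (assumed header name).
SAMPLE = "en\r\nX-XSS-Protection: 0"
ALLOWED = {"location"}  # the only header this hypothetical handler sets

if __name__ == "__main__":
    print(unexpected_headers(build_unsafe(SAMPLE), ALLOWED))
    try:
        build_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

The same allow-list check can run in integration tests or at a reverse proxy to flag responses that carry headers the application never sets.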